The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.

Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.